GNU bash 2.05b does not do “{1..3}” expansion, which leads to mis-detecting
a fully patched bash on Debian sarge (my own packages) as vulnerable to
CVE-2014-7187 and missing CVE-2014-7187; expand those bashisms to keep
compatible and return correct values even for that version of GNU bash.